In Jira exists two types of authentication: Basic Auth (in other words, user:password… or the same but base64 encoded) and OAuth (more complex to implement but without “passwords”). Exist a third option, The cookie-based Auth (but it’s depcrecated), and exist a new OAuth2 version currently in development.
Here we want to explain the pro and cons of this Auth methods.
- Very simple to implement
- faster calls
- less code to do a simple call
- The USER AND PASSWORD is sent in the call and can be sniffed and decrypted!
- Cryptography! each message is signed
- Complex to implement (at the initial stage of the development)
- Not proof of JANUS attack!
- Non-web clients!
- Easy to implement